package org.leveryd.controller.misinformation;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;

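/**
 * Test fixture that pairs a real server-side request forgery (SSRF) sink with a
 * look-alike that is not one.
 *
 * <ul>
 *   <li>{@code /webhook}: the request parameter becomes the host (and optional port) of
 *       the outbound URL, so the caller chooses where this server connects. This is the
 *       intentionally vulnerable endpoint and is left as-is.</li>
 *   <li>{@code /lookup_domain}: the scheme, host and path are constants; the request
 *       parameter only reaches the query string, so it cannot move the connection to
 *       another host.</li>
 * </ul>
 *
 * Both endpoints return the upstream response body (or the exception message) to the
 * caller, so the /webhook case is a full-read SSRF rather than a blind one.
 */
@Controller
public class SSRFCase {
    /** Connect and read timeout in milliseconds, so an unresponsive peer cannot pin a request thread. */
    private static final int TIMEOUT_MILLIS = 5000;

    /**
     * Fetches {@code url} and returns the response body with line terminators removed.
     *
     * <p>{@link URL} accepts any scheme with a registered handler (for example
     * {@code file:}), and HTTP redirects are followed by default, so this helper performs
     * no destination control of its own. Callers must fix the scheme and host themselves.
     *
     * @param url absolute URL to fetch
     * @return the response body decoded as UTF-8 with lines concatenated, or the
     *     exception message if anything fails (may be {@code null} when the exception
     *     carries no message)
     */
    public static String URLConnection(String url) {
        try {
            URLConnection urlConnection = new URL(url).openConnection();
            urlConnection.setConnectTimeout(TIMEOUT_MILLIS);
            urlConnection.setReadTimeout(TIMEOUT_MILLIS);

            StringBuilder html = new StringBuilder();
            // getInputStream() sends the request. try-with-resources closes the stream even
            // when reading fails part-way, which the previous explicit close() did not.
            // The charset is pinned so output does not depend on the host's default; the
            // response's declared charset is not consulted.
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(urlConnection.getInputStream(), StandardCharsets.UTF_8))) {
                String inputLine;
                while ((inputLine = in.readLine()) != null) {
                    html.append(inputLine);
                }
            }
            return html.toString();
        } catch (Exception e) {
            // NOTE(review): the raw exception text goes back to the HTTP caller. In production
            // that exposes internal connection details and gives an error-based oracle; return
            // a generic failure and log the detail server-side instead. Kept here because the
            // fixture's observable behaviour depends on it.
            System.out.println(e.getMessage());
            return e.getMessage();
        }
    }

    /**
     * Not SSRF: queries a fixed resolver service for {@code domain}.
     *
     * <p>The destination host is a constant, so the parameter cannot redirect the
     * connection. The value is still concatenated without URL-encoding, so a caller can
     * append or override query parameters of the upstream request ({@code &}, {@code #}).
     * Production code should validate it as a hostname or encode it.
     *
     * @param domain value of the {@code domain} request parameter, passed as {@code host=}
     * @return upstream response body, or the exception message on failure
     */
    @ResponseBody
    @RequestMapping("/lookup_domain")
    public String LookupDomain(@RequestParam("domain") String domain) {
        // NOTE(review): HTTPS to an IP literal only validates if the certificate lists that
        // IP; otherwise the handshake fails and the error text is what the caller receives.
        String url = "https://118.89.204.198/resolv?host=" + domain + "&os_type=web";
        return URLConnection(url);
    }

    /**
     * Intentionally vulnerable: SSRF. {@code domain} is used verbatim as the authority of
     * the outbound URL, so any host and port reachable from this server, including
     * loopback and internal addresses, can be targeted and its response read back.
     *
     * <p>The request also carries hard-coded credentials in the query string over plain
     * HTTP, so they are delivered to whatever host the caller names.
     *
     * <p>Mitigation outside a test fixture: match the destination against an allow-list of
     * expected hosts, resolve it and reject loopback, private and link-local addresses
     * before connecting, disable redirect following, and keep credentials out of URLs.
     *
     * @param domain value of the {@code domain} request parameter, used as host[:port]
     * @return upstream response body, or the exception message on failure
     */
    @ResponseBody
    @RequestMapping("/webhook")
    public String WebHook(@RequestParam("domain") String domain) {
        String url = "http://" + domain + "/oauth/login?username=admin&password=admin";
        return URLConnection(url);
    }
}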


// curl '127.0.0.1:8085/lookup_domain?domain=xxx.zhihu.com'
// curl '127.0.0.1:8085/webhook?domain=127.0.0.1:8086'

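// The /webhook endpoint is vulnerable to SSRF (the caller controls the destination host); the /lookup_domain endpoint is not (its destination host is fixed).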